diff options
author | Jonas Dreßler <verdre@v0yd.nl> | 2023-02-19 12:19:43 +0100 |
---|---|---|
committer | Marge Bot <marge-bot@gnome.org> | 2023-03-26 11:51:02 +0000 |
commit | 7455c293c66898ca0841f5f984ada43feb5c088a (patch) | |
tree | 922246a52f0e44b0c56af0e375fd5ab6535a6673 | |
parent | 679d2fb4e069ac7fbb021dda24f97fdc875274fb (diff) | |
download | mutter-7455c293c66898ca0841f5f984ada43feb5c088a.tar.gz |
window-actor-x11: Check array bounds before accessing array
scan_visible_region() scans through each value of a uint8_t array and checks
whether that value is 255. Right now it always checks one value too much
though, resulting in a buffer overflow. Fix that by checking the array
bounds before actually accessing the array.
Found by running gnome-shell with address sanitizer and starting
GIMP.
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2856>
-rw-r--r-- | src/compositor/meta-window-actor-x11.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/compositor/meta-window-actor-x11.c b/src/compositor/meta-window-actor-x11.c index bdca02eb9..edc48885e 100644 --- a/src/compositor/meta-window-actor-x11.c +++ b/src/compositor/meta-window-actor-x11.c @@ -723,7 +723,7 @@ scan_visible_region (guchar *mask_data, for (x = rect.x; x < (rect.x + rect.width); x++) { int x2 = x; - while (mask_data[y * stride + x2] == 255 && x2 < (rect.x + rect.width)) + while (x2 < (rect.x + rect.width) && mask_data[y * stride + x2] == 255) x2++; if (x2 > x) |